Category: Initiatives (page 1 of 5)

#TakeBackControl with #VRM

That’s a big part of what tonight’s Respect Network launch here in London is about. I’ll be speaking briefly tonight at the event and giving the opening keynote at the Immersion Day that will follow tomorrow. Here is a draft of what I’ll say tonight:

This launch is personal.

It’s about privacy.

It’s about control.

It’s about taking back what we lost when Industry won the Industrial Revolution.

It’s about fixing a marketplace that has been ruled by giant companies for a hundred and fifty years — even on the Internet, which was designed — literally — to support our independence, our autonomy, our freedom, our liberty, our agency in the world.

Mass marketing required subordinating the individual to the group, to treat human beings as templates, demographics, typicalities.

The promise of the Internet was to give each of us scale, reach and power.

But the commercial Internet was built on the old model. On the industrial model. What we have now is what the security guru Bruce Schneier calls a feudal system. We are serfs in the Kingdom of Google, the Duchy of Facebook, the Principality of Amazon.

Still, it’s early. The Internet as we know it today — with browsers, ISPs, search engines and social media — is just eighteen years old. In the history of business, and of civilization, this is nothing. We’ve barely started.

But the Internet does something new that nothing else in human history ever did, and we’re only beginning to wrap our heads around the possibilities: It puts everybody and everything at zero functional distance from everybody and everything else — and at costs that want to be zero as well.

This is profound and huge. The fact that we have the Net means we can zero-base new solutions that work for each of us, and not just for our feudal overlords.

Archimedes said “Give me a place to stand and I can move the world.”

That’s why we are here today. Respect Network has been working to give each of us a place to stand, to take back control: of our identities, our data, our lives, our relationships… of everything we do on the Net as free and independent human beings.

And what’s extra cool about this is that Respect Network isn’t just one company. It’s dozens of them, all standing behind the same promise, the same principles, the same commitment to build markets upward from you and me, and not just downward like eyes atop pyramids of control.

I’ll have a lot more to say about this tomorrow at Immersion Day, but for now I invite you to savor participating in a historic occasion.

I’m sure I’ll say something different, because I’ll speak extemporaneously and without the crutchware of slides. But I want to get this up  because I can’t print where I am at the moment, and it seems like a fun and useful thing to do in any case.

For more, see A New Data Deal, starting today, at my personal blog.

Prepping for #VRM Day and #IIW

The 16th IIW (Internet Identity Workshop) is coming up, Tuesday to Thursday, 7-9 May, will be tat the Computer History Museum in Mountain View, CA. As usual, VRM will be a main topic, with lots of developers and other interested folk participating. Also as usual, we will have a VRM planning day on the Monday preceding: 6 May, also at the CHM. So that’s four straight days during which we’ll get to present, whiteboard, discuss and move forward the many projects we’re working on. From the top of my head at the moment:

  • Personal Clouds, including —
    • The Internet of Me and My Things
    • QS (Quantified Self) and Self-Hacking
  • Fully personal wallets, rather than branded ones that work only with payment silos and their partners
  • Intentcasting — where customers advertise their purchase intentions in a secure, private and trusted way, outside of any vendor’s silo
  • Browser add-ons, extensions, related developments
  • Licensing issues
  • Sovereign and administrative identity approaches, including Persona, formerly BrowserID, from Mozilla
  • Legal issues, such as creating terms and policies that individuals assert
  • Tracking and ad blocking, and harmonizing methods and experiences
  • Health Care VRM
  • Devices, such as the freedom box
  • VRM inSovereign vs./+ Administrative identities
    • Real estate
    • Banking (including credit cards, payments, transactions)
    • Retail
  • Personal data pain points, e.g. filling out forms
  • Trust networks
  • Harnessing adtech science and methods for customers, rather than only for vendors

The morning will be devoted to VRM issues, while the afternoon will concentrate on personal clouds.

We still have eight tickets left here. There is no charge to attend.

In the next few days here on the blog we’ll be going over some of the topics above. Input welcome.

 

VRM happenings in the U.K.

The tweets have been rolling in…

Identity Assurance: Mydex’s unique contribution. An interview with @dejalexander @MydexCIC http://www.ctrl-shift.co.uk/news/2012/11/15/identity-assurance-mydexs-unique-contribution/ …

@321CtrlShift interview with my colleague @dejalexander on @MydexCIC and #IDAssurance http://is.gd/7yyiZk  #VRM

Very thoughtful @SimonTucker blog post about today’s DWP announcement http://is.gd/zRslHa  #IDAssurance #VRM

williamheath@williamheath

For those who wondered how #VRM would first break in the popular press: http://bit.ly/107SqT9  #DailyMirror #Midata #CtrlShift

So let’s unpack those.

First, the DWP (Department for Work and Pensions) announcement. What Mydex and others will provide is online identity assurance. (Note: not “providing” an identity.) To explain, Out-Law.com gives us Online identity scheme providers selected to design new DWP framework for verifying claims by benefits seekers.

This is one step in a march of reform led by the U.K. government, and moving in a generally VRooMy direction through the Midata program. Here are some links, starting in late 2011, and listed roughly chronologically:

The piece in the Mirror focuses on health and retail discounts. VRM is much broader than that, but it’s a good start.

[Later...] More below, from William Heath.

IIW XV

The XVth IIW is coming up on October 23-25 at the Computer History Museum in Mountain View, and VRM will be, as usual, a big topic — or collection of topics — there.

IIW stands for Internet Identity Workshop, but the topical range is much wider than identity alone. Front and center for the last several IIWs has been personal data (a special concern not only of many VRM development efforts, but of the Personal Data Ecosystem Consortium).

IIW is an unconference that Kaliya Hamlin, Phil Windley and I have been putting on twice a year since 2005. It could hardly be less formal or conference-like. There are no panels, no speakers, no keynotes. There are just participants. All the sessions are breakouts, and all the topics are chosen by participants, who come up with them at the start of each day, vetting whatever they like with the rest of the crowd. Some of the sessions are technical, many others are not. All of them are interesting, lively, and move things forward.

As in IIWs past, we have a VRM planning day on Monday, just before IIW. That’s the 22nd. Everybody is welcome. The purpose is to discuss what we’d like to make happen over the following three days. Unlike IIWs past, this planning day is also at the Computer History Museum. It’ll run from 9 to 5.

Here are some topics currently being vetted on the ProjectVRM list:

  1. Demonstrations of progress on various VRM fronts
  2. Relationship management tools, including UI elements such as r-buttons: ⊂ ⊃.
  3. Personal data store/locker/vault/cloud etc. efforts
  4. Personal operating systems (including personal cloud)
  5. Intentcasting, aka personal RFPs
  6. Turning DNT (Do Not Track) into DNT-D (Do Not Track + Dialog)
  7. Cooperation + competition among and between different VRM development efforts
  8. FOSS (free and open source software) and VRM
  9. Creating and working with APIs
  10. Standards and protocols old and new (e.g. XDI, RDF, tent.io)
  11. Role of governments (e.g. Midata in the UK, and privacy ministries in various countries)
  12. Legal / terms of service and engagement, and expression of preferences and policies
  13. Trust frameworks
  14. Working with industry verticals, such as banks and retail
  15. Matching up with QS (Quantified Self ) and self-hacking movements and interests (especially around personal data)
  16. Matching up VRM and CRM/sCRM
  17. Subject-based VRM, such as with the “subscription economy”
  18. VCs and other investors
  19. Relationships with other .orgs, e.g. PDE.Cc, Customer Commons
  20. Discovering and encouraging more VRM and VRooMy development efforts
  21. Alignment of talking points when evangelizing VRM
  22. Intention Economy
  23. Relationship Economy (and overlaps with the above)
  24. Identity-related matters, including NSTIC

I numbered them not in order of importance, but just to make them easier to discuss at the meeting. (e.g. “Let’s look at number 13″). Look forward to seeing you there.

Here are some photos from IIWs past. The photo up top is of a slab of metal covering a hole in pavement on a street in Manhattan. Saw it and couldn’t resist shooting it with my phone.

Coming to terms

We lie every time we “accept” terms that we haven’t read — a pro forma  behavior that is all but required by the calf-cow model of the Web that’s prevailed since 1995. We need to change that. And so we are.

StandardLabel.org is working on “A clear, consistent way for websites to say what they do with the data they share, before we share it.” While its recent Kickstarter campaign came up a bit short, the work continues. Here is one (prototypical) way that label might look:

(The actual image I wanted there was this one, but heard it wasn’t showing up in all browsers, so I went with the one above.)

The StandardLabel folks also have a survey, which I recommend taking.

CommonTerms intends “to solve the problem of non-accessible online legal texts in a way similar to how Creative Commons made different copyright licenses accessible,” adding, “We thought that by analyzing existing agreements, we could identify the most common terms, and then create icons to symbolize them.” Background:

The CommonTerms project is coordinated by Metamatrix AB andsponsored by Internetfonden.se

The project is a result of a session on “sustainable web development” by Pär Lannerö and Thomas Bjelkeman at the Sweden Social Web Camp, in August 2010.

Their prototype, focused on icons, stars Pär and looks like this:

Par and  Lars-Erik Jakobsson (icon), Gregg BernsteinCarl TörnquistHanna ArkestålMax WalterMattias AspelundAnders Carlman have since added BiggestLie.com, source of the image at the top of this post, plus this one here, which I just earned:

The idea is to start getting real about what we’re all doing and not doing.

What we’re doing is lying: i.e. agreeing not only to what we don’t read, but to the rotted status quo of which one-sided non-agreements are a part. What we’ve not been doing for most of the last 17 years is solving the problem.

But, thanks to the work above (plus whatever I’ve missed), we are doing some things. So are PDEC.cc and companies like Personal. Other work is happening with personal clouds. (PDEC is on that case too.) Aza Raskin‘s Privacy Icons are an effort in this same direction. (CommonTerms has a longer list.)

Still, looks to me like most of the work being done so far is on the cow side of the calf-cow relationship. On our side, we need to stop being calves, for real. That is, we need to have full agency in the original sense of the word: power to cause intended effects on our own.

For that we will need machine- and user-readable ways to express own terms, preferences and policies, so they can be read by sites (the cows) and matched up. That’s the idea behind EmanciTerm, described in How about using the ‘No Track’ button we already have? and in The Intention Economy. There I explain,

With full agency, however, an individual can say, in the first person voice, “I own my data, I control who gets access to it, and I specify what I wish to happen under what conditions.” In the latter category, those wishes might include:

  • Don’t track my activities outside of this site.
  • Don’t put cookies in my browser for anything other than helping us remember each other and where we were.
  • Make data collected about me available in a standard, open format.
  • Please meet my fourth-party agent, Personal.com (or whomever).

These are EmanciTerms, and there will be corresponding ones on the vendor’s side. Once they are made simple and straightforward enough, they should become normative to the point where they serve as de facto stan- dards, in practice.

Since the terms should be agreeable and can be expressed in text that code can parse, the process of arriving at agreements can be automated.

For example, when using a public wi-fi access point, a person’s EmanciTerms might say, “I will not knowingly hog this shared resource, for example, by watching high-def video on it,” or “I will not engage in illegal activities here.” If the provider of the access point has a VRM-ready service that is willing to deal with the user on his or her own EmanciTerms as well as those of the provider, it should be possible to automate the formalities and let the user bypass the usual “read and accept our agreement” ritual.

Not everything we express in the proposed ceremony here has to be one side of a binding agreement. If we express these terms as preferences or policies they can still be heard, even if they’re not agreed to. Being heard is one idea behind BiggestLie. But the cows can’t fix this on their own. We need to work both sides.

The only problem with all this is that our work is scattered. Let’s get it together.

VRM at IIW

VRM was a hot topic at IIW last week, with at least one VRM or VRM-related breakout per session — and that was on top of the VRM workshop held at Ericsson on Monday, April 30, the day before IIW started. (Thanks to Nitin Shah and the Ericsson folks for making the time and space available, in a great facility.) Here’s a quick rundown from the #IIW14 wiki:

Tuesday, May 1, Session 1

Tuesday, May 1,Session 2

Tuesday, May 1, Session 3

Tuesday, May 1,Session 4

Tuesday, May 1,Session 5

Wednesday, May 2, Session 1

Wednesday, May 2,Session 2

Wednesday, May 2,Session 3

Wednesday, May 2,Session 4

Wednesday, May 2,Session 5

Thurssday, May 3,Sessions 1-5

On Friday, May 4, I also visited with Jeremie Miller, Jason Cavnar and the Locker Project / Singly team in San Francisco. Very impressed with what they’re up to as well.

Bonus IIW linkage:

Your actual wallet vs./+ Google’s and Apple’s

Now comes news that Apple has been granted a patent for the iWallet. Here’s one image among many at that last link:

iwallet

Note the use of the term “rules.” Keep that word in mind. It is a Good Word.

Now look at this diagram from Phil Windley‘s Event Channels post:

event channels

Another term for personal event network is personal cloud. Phil visits this in An Operating System for Your Personal Cloud, where he says, “In contrast a personal event network is like an OS for your personal cloud. You can install apps to customize it for your purpose, it canstore and manage your personal data, and it provides generalized services through APIsthat any app can take advantage of.” One of Phil’s inventions is the Kinetic Rules Language, or KRL, and the rules engine for executing those rules, in real time. Both are open source. Using KRL you (or a programmer working for you, perhaps at a fourth party working on your behalf, can write the logic for connecting many different kinds of events on the Live Web, as Phil describes here).

What matters here is that you write your own rules. It’s your life, your relationships and your data. Yes, there are many relationships, but you’re in charge of your own stuff, and your own ends of those relationships. And you operate as  free, independent and sovereign human being. Not as a “user” inside a walled garden, where the closest thing you can get to a free market is “your choice of captor.”

Underneath your personal cloud is your personal data store (MyDex, et. al.), service (Higgins), locker (Locker Project / Singly), or vault (Personal.com). Doesn’t matter what you call it, as long as it’s yours, and you can move the data from one of these things into another, if you like, compliant with the principles Joe Andrieu lays out in his posts on data portability, transparency, self-hosting and service endpoint portability.

Into that personal cloud you should also be able to pull in, say, fitness data from Digifit and social data from any number of services, as Singly demonstrates in its App Gallery. One of those is Excessive Mapper, which pulls together checkins with Foursquare, Facebook and Twitter. I only check in with Foursquare, which gives me this (for the U.S. at least):

Excessive Mapper

The thing is, your personal cloud should be yours, not somebody else’s. It should contain your data assets. The valuable nature of personal data is what got the World Economic Forum to consider personal data an asset class of its own. To help manage this asset class (which has enormous use value, and not just sale value), a number of us (listed by Tony Fish in his post on the matter) spec’d out the Digital Asset Grid, or DAG…

DAG

… which was developed with Peter Vander Auwera and other good folks at SWIFT (and continues to evolve).

There are more pieces than that, but I want to bring this back around to where your wallet lives, in your purse or your back pocket.

Wallets are personal. They are yours. They are not Apple’s or Google’s or Microsoft’s, or any other company’s, although they contain rectangles representing relationships with various companies and organizations:

Still, the container you carry them in — your wallet — is yours. It isn’t somebody else’s.

But it’s clear, from Apple’s iWallet patent, that they want to own a thing called a wallet that lives in your phone. Does Google Wallet intend to be the same kind of thing? One might say yes, but it’s not yet clear. When Google Wallet appeared on the development horizon last May, I wrote Google Wallet and VRM. In August, when flames rose around “real names” and Google +, I wrote Circling Around Your Wallet, expanding on some of the same points.

What I still hope is that Google will want its wallet to be as open as Android, and to differentiate their wallet from Apple’s through simple openness.  But, as Dave Winer said a few days ago

Big tech companies don’t trust users, small tech companies have no choice. This is why smaller companies, like Dropbox, tend to be forces against lock-in, and big tech companies try to lock users in.

Yet that wasn’t the idea behind Android, which is why I have a degree of hope for Google Wallet. I don’t know enough yet about Apple’s iWallet; but I think it’s a safe bet that Apple’s context will be calf-cow, the architecture I wrote about here and here. (In that architecture, you’re the calf, and Apple’s the cow.) Could also be that you will have multiple wallets and a way to unify them. In fact, that’s probably the way to bet.

So, in the meantime, we should continue working on writing our own rules for our own digital assets, building constructive infrastructure that will prove out in ways that require the digital wallet-makers to adapt rather than to control.

I also invite VRM and VRooMy developers to feed me other pieces that fit in the digital assets picture, and I’ll add them to this post.

How about using the ‘No Track’ button we already have?

left r-buttonright r-buttonFor as long as we’ve had economies, demand and supply have been attracted to each other like a pair of magnets. Ideally, they should match up evenly and produce good outcomes. But sometimes one side comes to dominate the other, with bad effects along with good ones. Such has been the case on the Web ever since it went commercial with the invention of the cookie in 1995, resulting in a calf-cow model in which the demand side — that’s you and me — plays the submissive role of mere “users,” who pretty much have to put up with whatever rules websites set on the supply side.

Consistent with Lord Acton’s axiom (“Power corrupts; absolute power corrupts absolutely”) the near absolute power of website cows over user calves has resulted in near-absolute corruption of website ethics in respect to personal privacy.

This has been a subject of productive obsession by Julia Anguin and her team of reporters at The Wall Street Journal, which have been producing the What They Know series (shortcut: http://wsj.com/wtk) since July 30, 2010, when Julia by-lined The Web’s New Gold Mine: Your Secrets. The next day I called that piece a turning point. And I still believe that.

Today came another one, again in the Journal, in Julia’s latest, titled Web Firms to Adopt ‘No Track’ Button. She begins,

A coalition of Internet giants including Google Inc. has agreed to support a do-not-track button to be embedded in most Web browsers—a move that the industry had been resisting for more than a year.

The reversal is being announced as part of the White House’s call for Congress to pass a “privacy bill of rights,” that will give people greater control over the personal data collected about them.

The long White House press release headline reads,

We Can’t Wait: Obama Administration Unveils Blueprint for a “Privacy Bill of Rights” to Protect Consumers Online

Internet Advertising Networks Announces Commitment to “Do-Not-Track” Technology to Allow Consumers to Control Online Tracking

Obviously, government and industry have been working together on this one. Which is good, as far as it goes. Toward that point, Julia adds,

The new do-not-track button isn’t going to stop all Web tracking. The companies have agreed to stop using the data about people’s Web browsing habits to customize ads, and have agreed not to use the data for employment, credit, health-care or insurance purposes. But the data can still be used for some purposes such as “market research” and “product development” and can still be obtained by law enforcement officers.

The do-not-track button also wouldn’t block companies such as Facebook Inc. from tracking their members through “Like” buttons and other functions.

“It’s a good start,” said Christopher Calabrese, legislative counsel at the American Civil Liberties Union. “But we want you to be able to not be tracked at all if you so choose.”

In the New York Times’ White House, Consumers in Mind, Offers Online Privacy Guidelines Edward Wyatt writes,

The framework for a new privacy code moves electronic commerce closer to a one-click, one-touch process by which users can tell Internet companies whether they want their online activity tracked.

Much remains to be done before consumers can click on a button in their Web browser to set their privacy standards. Congress will probably have to write legislation governing the collection and use of personal data, officials said, something that is unlikely to occur this year. And the companies that make browsers — Google, Microsoft, Apple and others — will have to agree to the new standards.

No they won’t. Buttons can be plug-ins to existing browsers. And work has already been done. VRM developers are on the case, and their ranks are growing. We have dozens of developers (at that last link) working on equipping both the demand and the supply side with tools for engaging as independent and respectful parties. In fact we already have a button that can say “Don’t track me,” plus much more — for both sides. Its calle the R-button, and it looks like this: ⊂ ⊃. (And yes, those symbols are real characters. Took a long time to find them, but they do exist.)

Yours — the user’s — is on the left. The website’s is on the right. On a browser it might look like this:

r-button in a browser

Underneath both those buttons can go many things, including preferences, policies, terms, offers, or anything else — on both sides. One of those terms can be “do not track me.” It might point to a fourth party (see explanations here and here) which, on behalf of the user or customer, maintains settings that control sharing of personal data, including the conditions that must be met. A number of development projects and companies are already on this case. All the above falls into a category we call EmanciTerm. Much has been happening as well around personal data stores (PDSes), also called “lockers,” “services” and “vaults.” These include:

Three of those are in the U.S., one in Austria, one in France, one in South Africa, and three in the U.K. (All helping drive the Midata project by the U.K. government, by the way.) And those are just companies with PDSes. There are many others working on allied technologies, standards, protocols and much more. They’re all just flying below media radar because media like to look at what big suppliers and governments are doing. Speaking of which… :-)

Here’s Julia again:

Google is expected to enable do-not-track in its Chrome Web browser by the end of this year.

Susan Wojcicki, senior vice president of advertising at Google, said the company is pleased to join “a broad industry agreement to respect the ‘Do Not Track’ header in a consistent and meaningful way that offers users choice and clearly explained browser controls.”

White House Deputy Chief Technology Officer Daniel Weitzner said the do-not-track option should clear up confusion among consumers who “think they are expressing a preference and it ends up, for a set of technical reasons, that they are not.”

Some critics said the industry’s move could throw a wrench in a separate year-long effort by the World Wide Web consortium to set an international standard for do-not-track. But Mr. Ingis said he hopes the consortium could “build off of” the industry’s approach.

So here’s an invitation to the White House, Google, the 3wC, interested BigCos (including CRM companies), developers of all sizes and journalists who are interested in building out genuine and cooperative relationships between demand and supply::::

Join us at IIW — the Internet Identity Workshop — in Mountain View, May 1-3. This is the unconference where developers and other helpful parties gather to talk things over and move development forward. No speakers, no panels, no BS. Just good conversation and productive work. It’s our fourteenth one, and they’ve all been highly productive.

As for the r-button, take it and run with it. It’s there for the development. It’s meaningful. We’re past square one. We’d love to have all the participation we can get, from the big guys as well as the little ones listed above and here.

To help get your thinking started, visit this presentation of one r-button scenario, by Adam Marcus of MIT. Here’s another view of the same work, which came of of a Google Summer of Code project through ProjectVRM and the Berkman Center:

(Props to Oshani Seneviratne and David Karger, also both of MIT, and Ahmad Bakhiet, of Kings College London, for work on that project.)

If we leave fixing the calf-cow problem entirely up to the BigCos and BigGov, it won’t get fixed. We have to work from the demand side as well. In economies, customers are the 100%.

Here are some other stories, mostly gathered by Zemanta:

All look at the symptoms, and supply-side cures. Time for the demand side to demand answers from itself. Fortunately, we’ve been listening, and the answers are coming.

Oh, and by the way, Mozilla has been offering “do not track” for a long time. Other tools are also available:

SOPA and Customer Commons

Imagine that Customer Commons had been created a year ago. To guide that imagining, here is the copy that matters from the placeholder page:

Customer Commons is about us.

  1. We are a com­mu­nity of customers.
  2. We are funded only by customers.
  3. We serve the inter­ests and aspi­ra­tions of customers.

We are the 100%

Customer Commons is the successor organization to ProjectVRM. Think of ProjectVRM as the launch pad and rocket for getting VRM development and research into orbit — and of Customer Commons as the rest of the universe.

So the future is wide open.

SOPA, however, is about enclosing some of the Universe’s commons, which is essentially NEA:

  1. Nobody owns it
  2. Everybody can use it
  3. Anybody can improve it

What would we — the 100% who are customers — be doing about SOPA?

Customer Commons is just in the planning stages now. We want it up and running by the time The Intention Economy: When Customers Take Charge comes out in May. What should it be and how would it work?

All thoughts welcome.

P.S. ProjectVRM is a Berkman Center project, and therefore does not take an advocacy position on matters of public debate, such as SOPA — which is why this blog is not offline or blacked out today.

FWIW, my own (naturally optimistic) point of view is well expressed by Harold Feld in SOPABlackout And the “Internet Spring”.

Prototyping a new business model for everything

For IIW next week, and I have been working on a prototype demonstrating , using on the  app from .  The description at the EmanciPay link is minimal so far, but the model has a great deal of promise, because what it puts forward is a new business model for all kinds of stuff: easy voluntary payments from anybody for anything, to escrow accounts where the money can be picked up by the intended recipient with no strings attached. The first target is public radio (as it has been, ever since the earliest ProjectVRM meetings at the ), but it could easily apply to and other media as well.

We still need financial institutions to weigh in and take up a new business model for themselves, and it would be cool if some of them showed up at IIW next week for that, but in any case we’re taking one small step in the direction of a major sea change in the way markets for media work.

I’ve been making test contributions to different public radio stations, using the EmanciPay prototype. Craig has hacked a way for this to show up in my Twitter stream. You can see those here.

Older posts

© 2014 ProjectVRM

Theme by Anders NorenUp ↑